
Revert "Upgrade PyJWT 1.5.3 -> 2.0.1 (#25935)" (#26011)

This reverts commit e79de06a419b7ca101a3d00be24eaba3c7437fa3.
Manu 3 years ago
parent
commit
fe8508cfc0

+ 1 - 1
requirements-base.txt

@@ -34,7 +34,7 @@ progressbar2==3.32.0
 # If we bump it to 2.8.4 or greater then Python 3.6 & 3.8 would use the same version
 psycopg2-binary==2.7.7; python_version == '3.6'
 psycopg2-binary==2.8.6; python_version > '3.6'
-pyjwt[crypto]==2.0.1
+PyJWT==1.5.3
 python-dateutil==2.8.1
 python-memcached==1.59
 python-u2flib-server==5.0.0

+ 2 - 4
src/sentry/integrations/atlassian_connect.py

@@ -42,7 +42,7 @@ def get_integration_from_jwt(token, path, provider, query_params, method="GET"):
         raise AtlassianConnectValidationError("No token parameter")
     # Decode the JWT token, without verification. This gives
     # you a header JSON object, a claims JSON object, and a signature.
-    decoded = jwt.decode(token, options={"verify_signature": False})
+    decoded = jwt.decode(token, verify=False)
     # Extract the issuer ('iss') claim from the decoded, unverified
     # claims object. This is the clientKey for the tenant - an identifier
     # for the Atlassian application making the call
@@ -62,9 +62,7 @@ def get_integration_from_jwt(token, path, provider, query_params, method="GET"):
     if provider == "bitbucket":
         options = {"verify_aud": False}
 
-    decoded_verified = jwt.decode(
-        token, integration.metadata["shared_secret"], options=options, algorithms=["HS256"]
-    )
+    decoded_verified = jwt.decode(token, integration.metadata["shared_secret"], options=options)
     # Verify the query has not been tampered by Creating a Query Hash
     # and comparing it against the qsh claim on the verified token.
 
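Review bot: The verifying `jwt.decode` call on the new side no longer passes `algorithms`, so signature verification accepts whichever supported algorithm the token's own header names instead of only HS256. PyJWT 1.x `decode` already takes an `algorithms` keyword, so the allow-list can be kept across the downgrade: `decoded_verified = jwt.decode(token, integration.metadata["shared_secret"], options=options, algorithms=["HS256"])`. The same applies to the verifying calls in the second hunks of src/sentry/integrations/jira_server/webhooks.py and src/sentry_plugins/jira_ac/utils.py, where the existing comment describes taking the algorithm from the header's alg field. get_integration_from_jwt starts above and continues below this hunk, so whether anything else constrains the algorithm is not visible here.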

+ 1 - 1
src/sentry/integrations/bitbucket/client.py

@@ -58,7 +58,7 @@ class BitbucketApiClient(ApiClient):
             "sub": self.subject,
         }
         encoded_jwt = jwt.encode(jwt_payload, self.shared_secret)
-        headers = {"Authorization": "JWT %s" % encoded_jwt}
+        headers = {"Authorization": b"JWT %s" % encoded_jwt}
         return self._request(method, path, data=data, params=params, headers=headers, **kwargs)
 
     def get_issue(self, repo, issue_id):
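Review bot: The `Authorization` value is now a bytes object (`b"JWT %s" % encoded_jwt`), which ties this line to `jwt.encode` returning bytes and to the HTTP layer accepting a bytes header value next to a str key. Decoding once keeps the header as text and lets the line survive a later PyJWT upgrade: `token = encoded_jwt.decode("ascii") if isinstance(encoded_jwt, bytes) else encoded_jwt`, then `headers = {"Authorization": "JWT %s" % token}`. It would also be clearer to pass `algorithm="HS256"` to `jwt.encode` explicitly rather than rely on the library default. The enclosing method starts above the hunk.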

+ 2 - 2
src/sentry/integrations/jira_server/webhooks.py

@@ -21,7 +21,7 @@ def get_integration_from_token(token):
         raise ValueError("Token was empty")
 
     try:
-        unvalidated = jwt.decode(token, options={"verify_signature": False})
+        unvalidated = jwt.decode(token, verify=False)
     except jwt.DecodeError:
         raise ValueError("Could not decode JWT token")
     if "id" not in unvalidated:
@@ -31,7 +31,7 @@ def get_integration_from_token(token):
     except Integration.DoesNotExist:
         raise ValueError("Could not find integration for token")
     try:
-        jwt.decode(token, integration.metadata["webhook_secret"], algorithms="HS256")
+        jwt.decode(token, integration.metadata["webhook_secret"])
     except Exception as err:
         raise ValueError("Could not validate JWT. Got %s" % err)
 

+ 2 - 2
src/sentry_plugins/jira_ac/utils.py

@@ -42,7 +42,7 @@ def get_jira_auth_from_request(request):
         raise ApiError("No token parameter")
     # Decode the JWT token, without verification. This gives
     # you a header JSON object, a claims JSON object, and a signature.
-    decoded = jwt.decode(token, options={"verify_signature": False})
+    decoded = jwt.decode(token, verify=False)
     # Extract the issuer ('iss') claim from the decoded, unverified
     # claims object. This is the clientKey for the tenant - an identifier
     # for the Atlassian application making the call
@@ -54,7 +54,7 @@ def get_jira_auth_from_request(request):
     jira_auth = JiraTenant.objects.get(client_key=issuer)
     # Verify the signature with the sharedSecret and
     # the algorithm specified in the header's alg field.
-    decoded_verified = jwt.decode(token, jira_auth.secret, algorithms="HS256")
+    decoded_verified = jwt.decode(token, jira_auth.secret)
     # Verify the query has not been tampered by Creating a Query Hash
     # and comparing it against the qsh claim on the verified token.
 

+ 1 - 1
tests/sentry/integrations/jira_server/test_integration.py

@@ -305,7 +305,7 @@ class JiraServerIntegrationTest(IntegrationTestCase):
             data = json.loads(request.body)
             url = data["url"]
             token = url.split("/")[-2]
-            token_data = jwt.decode(token, options={"verify_signature": False})
+            token_data = jwt.decode(token, verify=False)
             assert "id" in token_data
             assert token_data["id"] == expected_id